authorSteve Clay <steve@mrclay.org>2012-09-07 01:38:03 -0400
committerSteve Clay <steve@mrclay.org>2012-09-07 01:38:03 -0400
commit8916fcdca6a2950d210abd2db7e6fb104abec149 (patch)
tree6df6b80f2b039a623cde43de3e1e6fac85fe6463 /engine/lib
parent9ccbd106a87a1742a61cc4df0e9ead921046772a (diff)
Fixes #4789: group_gatekeeper() and river hide closed/invisible group content more reliably
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/group.php56
-rw-r--r--engine/lib/views.php8
2 files changed, 32 insertions, 32 deletions
diff --git a/engine/lib/group.php b/engine/lib/group.php
index feb1f1e7f..b81146e61 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -247,48 +247,42 @@ function get_users_membership($user_guid) {
}
/**
- * Checks access to a group.
+ * May the current user access item(s) on this page? If the page owner is a group,
+ * membership, visibility, and logged in status are taken into account.
*
* @param boolean $forward If set to true (default), will forward the page;
* if set to false, will return true or false.
*
- * @return true|false If $forward is set to false.
+ * @return bool If $forward is set to false.
*/
function group_gatekeeper($forward = true) {
- $allowed = true;
- $url = '';
-
- if ($group = elgg_get_page_owner_entity()) {
- if ($group instanceof ElggGroup) {
- $url = $group->getURL();
- if (!$group->isPublicMembership()) {
- // closed group so must be member or an admin
-
- if (!elgg_is_logged_in()) {
- $allowed = false;
- if ($forward == true) {
- $_SESSION['last_forward_from'] = current_page_url();
- register_error(elgg_echo('loggedinrequired'));
- forward('', 'login');
- }
- } else if (!$group->isMember(elgg_get_logged_in_user_entity())) {
- $allowed = false;
- }
- // Admin override
- if (elgg_is_admin_logged_in()) {
- $allowed = true;
- }
- }
- }
+ $page_owner_guid = elgg_get_page_owner_guid();
+ if (!$page_owner_guid) {
+ return true;
}
+ $visibility = ElggGroupItemVisibility::factory($page_owner_guid);
- if ($forward && $allowed == false) {
- register_error(elgg_echo('membershiprequired'));
- forward($url, 'member');
+ if (!$visibility->shouldHideItems) {
+ return true;
}
+ if ($forward) {
+ // only forward to group if user can see it
+ $group = get_entity($page_owner_guid);
+ $forward_url = $group ? $group->getURL() : '';
+
+ if ($visibility->reasonHidden !== ElggGroupItemVisibility::REASON_MEMBERSHIP) {
+ $_SESSION['last_forward_from'] = current_page_url();
+ $forward_reason = 'login';
+ } else {
+ $forward_reason = 'member';
+ }
- return $allowed;
+ register_error(elgg_echo($visibility->reasonHidden));
+ forward($forward_url, $forward_reason);
+ }
+
+ return false;
}
/**
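Review bot: The early `return true` when `elgg_get_page_owner_guid()` is falsy means the gatekeeper still fails open, as the old body did, for any handler that calls it before a page owner is set; the docblock should say so, for example `* Returns true without any check when no page owner is set; set the page owner before calling.` The allow/deny decision now rests entirely on `ElggGroupItemVisibility::factory()`, which is outside this diff. It is worth confirming there that a GUID the current user cannot load (an invisible group) yields `shouldHideItems` true, and that the explicit admin override removed from this function is preserved. `elgg_echo($visibility->reasonHidden)` also assumes every reason value is a registered language key, which looks intended but deserves a one-line comment next to the call.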
diff --git a/engine/lib/views.php b/engine/lib/views.php
index b00334062..90737c260 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -1243,7 +1243,7 @@ function elgg_view_module($type, $title, $body, array $vars = array()) {
* @param ElggRiverItem $item A river item object
* @param array $vars An array of variables for the view
*
- * @return string|false Depending on success
+ * @return string
*/
function elgg_view_river_item($item, array $vars = array()) {
// checking default viewtype since some viewtypes do not have unique views per item (rss)
@@ -1256,6 +1256,12 @@ function elgg_view_river_item($item, array $vars = array()) {
if (!$subject || !$object) {
// subject is disabled or subject/object deleted
return '';
+ } else {
+ // hide based on object's container
+ $visibility = ElggGroupItemVisibility::factory($object->container_guid);
+ if ($visibility->shouldHideItems) {
+ return '';
+ }
}
$vars['item'] = $item;
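Review bot: The new container check in `elgg_view_river_item()` suppresses a hidden item only at render time, so any caller that reads river rows without going through this view, and any count or pagination built from the query, would presumably still reflect closed or invisible group activity. A comment such as `// render-time filter only; river queries and counts are not restricted here` would keep later callers from treating this as the access control. `$object->container_guid` is passed to the factory unchecked, so the factory has to cope with a zero or non-group container; that cannot be verified from this hunk. The `else` after `return '';` is redundant and the block can sit directly after the `if`; the function body starts and ends outside the hunk.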